ISQM 1: the role of tech and training
This is an article taken from the ICAEW website in which Rachel Davis, MD of Just Audit is featured. Credit to ICAEW for all content - the original article can be found on the ICAEW website here.
Technology and training can ease the process when designing, implementing and operating an SoQM under ISQM 1, particularly for smaller firms, but they are not a silver bullet to quality management.
Rachel Davis is at a fairly early stage of the process with ISQM 1 but has made solid progress blocking out time each week to work on it. Her firm, Just Audit (Davis is managing director), is a 15-person practice with two audit RIs. As the firm is busy and time is always tight, she is using available training materials and technology to ease the process.
“I decided I had to have a piece of software because otherwise it can get messy,” she says. “Technology pulls out the quality objectives and typical risks that are in the standard. While each firm has its own risks and should take a tailored approach, tech platforms can provide a foundation that makes the task less daunting.”
This was paired with root cause analysis training; six of the team from Just Audit went on a root cause analysis facilitation training across two days. Davis also used training materials and webinars provided by ICAEW, IAASB and IFAC to get to grips with this, and to help with the digestion of the standard.
“We’re locking in time every other Thursday afternoon for a couple of hours to practice facilitating root cause analysis so that the training we’ve done isn’t going to go to waste.”
Technology can give accountants a starting point with ISQM 1, but it cannot offer a complete solution; accountants will need to understand the requirements of the standard and how they relate to their individual firms. They will need to spend some time thinking about whether the tools they are using appropriately capture the quality objectives that are relevant to their firm, the specific risks that reflect the nature and circumstances of their firm, and ensure they have responses to address these.
Davis does think it can, however, make the process a little less daunting. A software tool might be the right solution for a given practice, but equally, firms might prefer to design their own System of Quality Management (SOQM).
“The responsibility for designing, implementing and operating the SOQM rests with the firm alone,” says Gill Spaul, Director, Audit Quality (Europe) for Moore Global and Chair of ICAEW’s QM working group. “A firm’s leadership alone can assess whether it appropriately reflects the relevant quality objectives, identifies and assesses risks that threaten the achievement of those objectives, and has the right responses in place to mitigate those risks.”
Software tools are classed as a ‘resource’ from a service provider; firms will need to address the specific quality objectives in ISQM 1 that arise as a result. ICAEW has just published a guide that will help members to identify the information they may need when thinking about this.
Training also has a specific role to play; in general, training requirements are dependent on the risk makeup of a given firm, says Andrew Jarvis, Managing Director of HAT Group of Accountants, which provides training to firms.
“The compliance partner, senior management and partners need to know about the standard. But in terms of training, it’s this combination of making sure staff are aware of the firm’s procedures, which an outside organisation can help with, and specific training dealing with risks identified and internal procedures, which is going to be driven by the partners themselves.”
At this stage, any training, in whatever form, focuses on crucial practicalities such as root cause analysis and how to take an honest look at the firm’s risks. A lot of that takes either a workshop or discussion format. This part is relatively straightforward; the tricky part with training is ensuring that the right course is given to the right people at the right time, says Jarvis.
“Timing is absolutely crucial. If it’s more than a couple of months before staff apply the content in practice, the message will not bed in.”
It’s important to determine how you measure the effectiveness of training. There is no kind of assessment connected to many CPD courses. It can be helpful to do follow up work to ensure that knowledge is applied and figure out how to assess whether those risks and issues have been effectively addressed.
“Training is definitely part of the solution, but it’s not the whole solution,” says Jarvis. “Firms need to think very carefully about the training they need and who provides that training.” Those needs will always be bespoke to the firm, so partners need to determine whether that training is better coming from someone internal, or to bring in someone from outside to articulate what you’re trying to do. “It could be somebody like me coming in and maybe covering some of the technicalities, then tailoring the course so that it reinforces the firm’s message as well.”
In short, technology and training, while useful in easing the pressure on firms to get up to speed, are not enough in themselves. The core of the work around ISQM 1 must come from the firms themselves. As Davis says, “It gives us a starting point for us to meet ISQM 1, which we will keep improving over time.”